Thursday, May 10, 2007

Homeland Security Department Not So Secure

Last week the Transportation Security Administration had lost a computer hard drive containing data and payroll information for about 100,000 employee records. They use the term lost, but seeing who is involved in looking for it, stolen is probably the better word choice. They may find it being used as a bookend somewhere.

The data was on employees who worked at the agency between January 2002 and August 2005 and included Social Security and bank account numbers, names, dates of birth, salaries, benefit deductions, and bank routing information.

In case you don’t recall, the TSA is a part of the Homeland Security Department. That does not sound reassuring at all. The agency that was chartered after 911 to protect us is not even protecting itself.

But if you look at a short chronology from the last 3 weeks you could not make up this entire string of events that has just rolled out of our elected government.

- April 23, 2007 The President’s Identity Theft Task Force – Combating Identity Theft a Strategic Plan – 120 pages of what Washington wants everyone to do

- April 2007 Government Accountability Office – Privacy – Lessons Learned about Data Breach Notification – 78 pages of how and when to notify people the next time it happens! They were planning on it!

- May 4, 2007 TSA notifies 100,000 of a lost hard drive

- May 9, 2007 The American Federation of Government Employees (AFGE), along with four security screeners, charged that the TSA had recklessly violated the Privacy Act and also violated the Aviation and Transportation Security Act. The class action suit was filed in U.S. District Court in Washington on Wednesday 5/9/07.

President Bush has to be in the White House banging his head on the oval office walls. He would ask Attorney General Gonzales, but he has his own issues to worry about, and he issued that 120 page report, so he’s off the hook. So who else can take responsibility for this? Typical reaction is to roll a head or two in the management ranks. What does that solve? It only keeps the same inept individuals still guarding the data, which they didn’t do so well to start with.

What really needs to happen is people who are truly responsible for this, at the office level, get fired, loose their pensions drain their 401’s. If you were handed information and told your financial future depended on keeping it safe, you can be sure there would be people keeping better track of that data better than their wallet.

Lack of accountability breeds lack of responsibility.